DOJ Data Security Program
The Data Security Program (“DSP”) implemented by the National Security Division (“NSD”)
under Executive Order 14117 comprehensively and proactively addresses the continued efforts
of foreign adversaries to use commercial activities to access, exploit, and weaponize U.S.
Government-related data and Americans’ bulk sensitive personal data.
Data Security Program: Frequently Asked Questions
On January 8, 2025, NSD issued a final rule implementing Executive Order 14117, which is now
available at 28 CFR Part 202. Unless otherwise indicated, all citations are to the sections of the
DSP regulations in 28 CFR Part 202. These Frequently Asked Questions (“FAQs”) address high-
level clarifications about Executive Order 14117 and the DSP. NSD, which implements the DSP
primarily through the Foreign Investment Review Section, will periodically update this list of
FAQs with additional questions and answers...
U.S. Data Security Program Cheat Sheet
The U.S. Department of Justice’s final rule on protecting Americans’ sensitive data took effect on 8 April 2025. The Data Security Program was adopted pursuant to Executive Order 14117 and is implemented by the DOJ’s National Security Division. The DSP establishes controls to prevent foreign adversaries, and those subject to their control and direction, from accessing bulk U.S. sensitive personal data and U.S. government-related data.